CVE-2023-43114

Name of the Vulnerable Software and Affected Versions Qt versions prior to 5.15.16 Qt versions 6.x prior to 6.2.10 Qt versions 6.3.x through 6.5.x prior to 6.5.3

Description The issue is related to the addApplicationFont{FromData function of the QFontDatabase class in the Qt framework, which is associated with incorrect clearing or release of resources when handling fonts. This can cause an application to crash due to missing length checks when a corrupted font is loaded via the GDI font engine.

Recommendations For Qt versions prior to 5.15.16, update to version 5.15.16 or later. For Qt versions 6.x prior to 6.2.10, update to version 6.2.10 or later. For Qt versions 6.3.x through 6.5.x prior to 6.5.3, update to version 6.5.3 or later. As a temporary workaround, consider restricting the use of the addApplicationFont{FromData function until a patch is available. Avoid loading corrupted fonts via the GDI font engine to minimize the risk of exploitation.